Security Bulletin: Version 5.0.5 of Redis included in IBM Netcool Operations Insight 1.6.1.x has a security vulnerability
CVEID: CVE-2020-14147
**DESCRIPTION:** Redis is vulnerable to a denial of service, caused by an integer overflow in the getnum function in lua_struct.c. By sending a specially crafted command with a large number, a remote attacker could exploit this vulnerability to cause a stack-based buffer overflow, leading to a denial of service…
CVSS Base score: 5.3
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/183518 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
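The description above attributes the flaw to an integer overflow while a decimal number is read from attacker-supplied input. The sketch below is an added illustration of that bug class and of a bounds-checked parser; it is not Redis source code or the vendor fix, the names `parse_size_unchecked` and `parse_size_checked` are hypothetical, and a 32-bit `int` is assumed.

```c
#include <ctype.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Unchecked pattern: digits are accumulated with no upper bound.
 * Unsigned arithmetic is used so the wraparound is well defined for this
 * demo; with a signed int the same loop is undefined behaviour. */
unsigned parse_size_unchecked(const char **s, unsigned dflt) {
    if (!isdigit((unsigned char)**s))
        return dflt;                      /* no digits: use the default */
    unsigned a = 0;
    while (isdigit((unsigned char)**s))
        a = a * 10u + (unsigned)(*(*s)++ - '0');
    return a;
}

/* Checked pattern: reject the input before a*10 + d can exceed INT_MAX.
 * Returns false on overflow; *out is only written on success. */
bool parse_size_checked(const char **s, int dflt, int *out) {
    if (!isdigit((unsigned char)**s)) {
        *out = dflt;
        return true;
    }
    int a = 0;
    while (isdigit((unsigned char)**s)) {
        int d = **s - '0';
        if (a > (INT_MAX - d) / 10)       /* a*10 + d would overflow */
            return false;
        a = a * 10 + d;
        (*s)++;
    }
    *out = a;
    return true;
}

int main(void) {
    const char *big = "4294967297";       /* constructed sample input */
    const char *p = big;
    int v = 0;
    printf("unchecked: %u\n", parse_size_unchecked(&p, 1));
    p = big;
    printf("checked accepted: %d\n", parse_size_checked(&p, 1, &v));
    return 0;
}
```

A caller that sizes a buffer or copy from the unchecked result would act on a value unrelated to what the input requested; the checked form lets the caller raise an error instead.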
Affected Product(s) | Version(s) |
---|---|
IBM Cloud Event Management on IBM Cloud Private | All |
IBM Netcool Operations Insight 1.6.2 includes the fix for this vulnerability. Please see IBM Support to upgrade to Netcool Operations Insight 1.6.2: <https://www.ibm.com/support/pages/node/6221238>
None